Is Microsoft Update Infecting You?Tens of millions of Microsoft users get their security updates from the Microsoft Update service. But a researcher at security firm Symantec (Quote) is alleging that users could potentially get something more than they bargained for.
A Symantec researcher said that Microsoft Update, which includes a component called Background Intelligent Transfer Service (BITS), could potentially be used by hackers to bypass security measures and attack users' PCs. BITS runs in the background on a Windows PC as an asynchronous download service for patch updates.
A Microsoft spokesperson confirmed to internetnews.com that Microsoft is aware of public reports that BITS is being used by TrojanDownloader:Win32/Jowspry to bypass policy-based firewalls in order to install additional malware.
According to Microsoft, the bypass relies on TrojanDownloader:Win32/Jowspry already being present on the system; it is not an attack vector for initial infection. The bypass most commonly occurs after a successful social-engineering attempt lures the user into inadvertently running TrojanDownloader:Win32/Jowspry, which then utilizes BITS to download additional malware.
Microsoft recommends that any users who believe they are affected by TrojanDownloader:Win32/Jowspry visit Windows Live OneCare safety scanner to scan their systems, determine if they are infected, and clean all currently known variants of this Trojan.
Using BITS to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself, and does not require suspicious actions for process injection, Symantec researcher Elia Florio wrote on the Symantec Security Response blog.
Reard more here